Share via

Does the default domain in Azure AppService have any limitation comparing to the custom domain?

Hazem Suleiman 0 Reputation points
2025-01-27T10:04:39.07+00:00

I have a web app hosted on Azure as AppService, as staging environment, which has two domains one Azure default, and one custom domain. The default one returns 403 The custom one is working fine.

is it correct behavior?
Also, it has nothing to do with WAF, Cloud defender, and other feature integration, right?
Everything works the same with Azure default and custom domains, correct?
The default/custom domains work the same in this case, correct?

Thank you in advance

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,227 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bhargavi Naragani 235 Reputation points Microsoft Vendor
    2025-01-30T08:15:51.85+00:00

    Hi @Hazem Suleiman,
    Thanks for the question and using MS Q&A platform.
    The default and custom domains should behave identically unless restricted. The 403 error on the default domain is likely due to IP restrictions, host header validation, or slot-specific settings.

    1. Go to App Service > Networking > Access Restrictions and ensure no rules block the default domain.
    2. Look for hostname filtering (e.g., AllowedHosts in asp.net Core) and ensure azurewebsites.net is allowed.
    3. Use curl -H "Host: yourapp.azurewebsites.net" to bypass DNS and isolate issues.
    4. Staging slots can have separate configurations. Verify that the slot’s settings (e.g., IP restrictions, authentication) match expectations.
    5. If App Service Authentication is enabled, ensure its configured to allow both domains. Misconfigured redirects or token audiences could block the default domain.
    6. Compare headers (e.g., Host, X-Forwarded-For) between requests to the default and custom domains using browser dev tools or curl -v.
    7. If the problem persists, enable App Service logs for deeper diagnostics.

    Key Differences Between Default and Custom Domains

    • SSL Certificates: The default domain uses a shared Azure-managed certificate Custom domains require you to upload a certificate (or use Azure-managed certificates).
    • DNS and Routing: Custom domains require DNS configuration (CNAME or A record), while the default domain does not.
    • Access Control: Both domains inherit the same App Service settings (e.g., IP restrictions, auth) unless explicitly overridden.

    Reference:
    https://learn.microsoft.com/en-us/azure/static-web-apps/custom-domain

    Hope the above provided information help in better understanding and help you resolve the issue, if you have any further concerns or queries, please feel free to reach out to us.
    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.